Report: HIPAA is a hindrance to health care info sharing

The primary law safeguarding the privacy of personal medical information is an impediment to the use of big data in improving health care for the individuals it is intended to protect, according to a report from the Bipartisan Policy Center.

The Washington, D.C., think tank characterized the Health Insurance Portability and Accountability Act of 1996 (HIPAA) as too far-reaching and too "often misunderstood, misapplied and over-applied in ways that may inhibit information sharing unnecessarily."

Esther Dyson, chairwoman of the Health Initiative Coordinating Council, endorsed the findings at a Dec. 3 event that coincided with the release of the paper.

"The problem with HIPAA is [that] it was applied much too broadly, and to be candid, it was often used as an excuse not to move data around," Dyson said.

Some of the problems sound similar to those voiced by critics of the intelligence community in the wake of the Sept. 11, 2001, terrorist attacks.

"Despite the significant growth in electronic health information," the report states, "for the most part, data continues to reside in silos -- inaccessible for purposes of improving health as well as the quality, cost and patient experience of care."

With regard to the government's gathering of data on individuals, Nick Sinai, deputy chief technology officer at the White House's Office of Science and Technology Policy, stressed that collection is only part of the process.

"We talk about public and non-public information, but there's actually this middle ground of what we call restricted information, where it may have [personally identifiable information] or it may have other information that is sensitive, but if you can make it available to qualified parties, to research institutions, to folks who are going to not re-identify folks, there [are] actually tremendous insights and opportunities," Sinai said.

The report also notes that a trove of potentially useful data is available that "falls outside the purview of HIPAA, such as consumer-generated data that might be posted on social networks, stored in apps or shared through other online sources."

Among the paper's suggestions for reforms are:

• Establishing standards, policies and best practices for capturing, analyzing and sharing data.
• Creating incentives to accelerate information sharing.
• Engaging individuals in planning, executing and improving big-data efforts.
• Federally funding collaborative research efforts on transparency and analytical methods.